MANDIANT SPECIAL REPORT

Table of Contents

Introduction
By the Numbers
  Data from Mandiant Investigations
The Invasion of Ukraine: Cyber Operations During Wartime
  Strategic Cyber Espionage and Pre-Positioning Prior to Invasion
  Initial Destructive Cyber Operations and Military Invasion
  Sustained Targeting and Attacks
  Maintaining Footholds for Strategic Advantage
  Renewed Tempo of Disruptive Attacks
  Information Operations Surrounding Russia's Invasion of Ukraine
  Takeaways
North Korea's Financial Operations Continue to Evolve
  NFTs, Bridges, Ransomware and More: North Korean Cybercrime in 2022
  Not Just Money: Continued Intelligence Collection Operations in Context
Shifting Focus and Uncommon Techniques Brought Threat Actors Success in 2022
  Initial Intrusions
  Getting Around and Getting Out
  Making Things Personal
  Lessons Learned
Red Team Case Study: Cloud-focused Operations
  Initial Compromise
  Lateral Movement to Azure
  Attacking a Password Manager Solution
  Gaining Visibility within Azure
  Privilege Escalation to Global Administrator Solution
  Attacking the Software Development Life Cycle (SDLC)
  Outcomes
  Targeted Attack Lifecycle Mapping
2022 Campaigns and Global Events
  Campaigns: Threat Actors
  Global Events: Notable Vulnerabilities
Notable and Recently Graduated Threat Groups
  How a Threat Cluster Becomes an APT or FIN Group
  APT42 Conducts Highly Targeted Surveillance Operations
Conclusion
Bibliography

SPECIAL REPORT | MANDIANT M-TRENDS 2023

Introduction

The lines separating the real world and the cyber realm have never been hazier. We're seeing Russia engage in information operations in an attempt to influence the narrative surrounding their invasion of Ukraine, and attempt to